CVE-2026-40984
In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Aff
CVSS
7.5
High
EPSS
0.6%
p46
KEV
—
Exploit Today
14
0-100
Published: Jun 9, 2026 · Last modified: Jul 15, 2026 · CWE-400 · CWE-770
In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17. micrometer-jetty11 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18. micrometer-jetty12 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18.
- spring.iohttps://spring.io/security/cve-2026-40984
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36839
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37390
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-40984
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2486716
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40984.json